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CLAIMS 




What is claimed is: 

A method for repetitively executing a plurality of software packages at one or 
more rates, utilizing a common set o computational resources, the method comprising the steps: 

3 generating a sequence of time intervals for each of the plurality of software 

4 packages, the time intervals belonging to one software package not overlapping the time intervals 

5 belonging to any other of the plurality of software packages; 

li 6 executing a plurality of software packages, each software package being executed 

i i 7 during the time intervals of its sequence \of time intervals. 
I J 1 2. The method of claim 1\ wherein the plurality of software packages of the 

2 "executing" step includes only valid software packages, the method further comprising the step: 
lit 3 utilizing one or more tests to identify the software packages that are valid, 

f 3 l 3. The method of claim 2 wherein one of the tests for validity is a one's complement 

2 checksum test of a software package's program memory. 

1 4. The method of claim 2 wherein a software package is assigned its own dedicated 

2 memory region, one of the tests for validity being whether the address returned for the software 

3 package's initialization procedure lies within its dedicated memory region. 

1 5. The method of claim 4 wherein pne of the tests is whether the address is returned 

2 within a predetermined time. 

1 6. The method of claim 2 wherein a Software package is assigned its own dedicated 

2 memory region, the software package's dedicated memory region including a stack memory 
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e of the tests for validity being whether the stack memory 
assigned during the execution of the software package's 
associated entry points lies within the software package's 



region and/or a heap memory region, ^ni 
range and/or the heap memory range 
initialization procedure and the various 
dedicated memory region 

7. The method of claim 6 Wherein one of the tests is whether the stack memory range 
and/or the heap memory range and the various associated entry points are returned within a 
predetermined time. 

8. The method of claim 1 wherein a software package is assigned its own dedicated 
memory region 

9. The method of claim 8 ^herein the software package's dedicated memory region 
includes a stack memory region, a software package's stack residing in the software package's 
stack memory region. 

10. The method of claim 1 wherein a software package includes background tasks as 
well as foreground tasks, the background\tasks being performed after the foreground tasks have 
been completed. 



1 1 . The method of claim 1 0 wherein a background task is an infinite loop. 

12. The method of claim 10 wherein the software package causes the power utilized 
in executing the software package to be minimized after completion of the background tasks. 



13. 



lmi: 



The method of claim 1 wherein a failure in the execution of a software package 



r 



causes information to be logged in a failure log 



14. 



The method of claim 13 wherein a failure in execution is linked to the software 



2 package that caused the failure. 
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17. 



15. The method of claim l|3 wherein quality of performance in executing a software 
package is represented by one or more performance-quality parameters, values of the one or more 
performance-quality parameters being (determined from the information logged in a failure log, 
the execution of a software package being subject to a plurality of execution options, an 
execution option being selected on the: basis of one or more performance-quality parameter 
values. 

16. The method of claim lj5 wherein the plurality of execution options are user 
configurable. 

The method of claim IS wherein performance-quality parameters include the 
number of failures and/or the rate of failures for one or more classes of failures recorded in a 
software package's failure log. 

18. The method of claim 1 ^[herein safety-critical software is placed in one or more 

? ety-critical software from non-safety-critical software, 
wherein each of the plurality of software packages is 
assigned its own memory block, a software package being enabled to read data only from zero or 
more memory blocks associated with oth sr software packages, the zero or more memory blocks 
readable by a software package being either predetermined or determined during execution of the 
software packages in accordance with a settof one or more rules. 

20. The method of claim 1 wherein each of the plurality of software packages is 
assigned its own memory block, a software Wckage being enabled to write data only to zero or 
more memory blocks associated with other software packages, the zero or more memory blocks 



separate partitions thereby isolating the s; i 
19. The method of claim 1 
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4 writeable by a software package being either predetermined or determined during execution of 

5 the software packages in accordance wfth a set of one or more rules. 

wherein an executive software package enforces the 



21. 



The method of claim I 



discipline that each software package executes only during the time intervals of its sequence of 



time intervals, the executive software 
package extends into a time interval 
another software package and performs 
22. The method of claim 1 



2 present is detected. 



23. 



The method of claim 1 



package determining when the execution of a software 
belonging to the sequence of time intervals assigned to 
a remedial action. 

wherein the presence of those software packages that are 



wherein one or more of the plurality of software packages 
are independently compiled, linked, an i loaded. 

24. The method of claim 1 wherein a software package has its own stack, the software 



2 package's stack being selected prior to ejxecuting the software package 



exe 



25. Apparatus for practicing the method of claim 1 . 

26. Apparatus for repetitively executing a plurality of software packages at a plurality 
of rates, the apparatus comprising: 

a means for generating a sequence of time intervals for each of the plurality of 



software packages, the time intervals belonging to one software package not overlapping the time 



intervals belonging to any other of the plurality of software packages; 

a means for executing a plurality of software packages, each software package 
being executed during the time intervals ofits sequence of time intervals. 
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27. The apparatus of cldim 26 wherein the plurality of software packages executed by 
the "executing" means includes onty valid software packages, the apparatus further comprising: 

one or more tests to identify the software packages that are 



a means for utilizing 



valid. 



28. 



The apparatus of claim 27 wherein one of the tests for validity is a one's 
2 complement checksum test of a software package's program memory. 

1 29. The apparatus of claim 27 wherein a software package is assigned its own 

2 dedicated memory region, one of ihe tests for validity being whether the address returned for the 

3 software package's initialization procedure lies within its dedicated memory region. 
The apparatus of :laim 29 wherein one of the tests is whether the address is 



30. 



returned within a predetermined time 



dedicated memory region, 



claim 27 wherein a software package is assigned its own 



31. The apparatus of 

*ion, the software package's dedicated memory region including a stack 

; of the tests for validity being whether the stack 



3 memory region and/or a heap memory region, one 

4 memory range and/or the heap memory range assigned during the execution of the software 

and the various associated entry points lies within the software 



package's initialization procedure 



6 package's dedicated memory region. 

1 32. The apparatus of claim 31 wherein one of the tests is whether the stack memory 

2 range and/or the heap memory raige and the various associated entry points are returned within 

3 a predetermined time. 
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34. 



The apparatus of clai 



33. The apparatus of claim 26 wherein a software package is assigned its own 
dedicated memory region. 

33 wherein the software package's dedicated memory 
region includes a stack memory region, a software package's stack residing in the software 
package's stack memory region. 

35. The apparatus of claim 26 wherein a software package includes background tasks 
as well as foreground tasks, the background tasks being performed after the foreground tasks 
have been completed. 

36. The apparatus of claim 35 wherein a background task is an infinite loop. 
The apparatus of ch im 35 wherein the software package causes the power utilized 



37. 



in executing the software package to be minimized after completion of the background tasks. 



38. The apparatus of claim 26 wherein a failure in the execution of a software 



package causes information to be 

39. The apparatus of c 
package that caused the failure. 

40. The apparatus of c 



ogged in a failure log. 

aim 38 wherein a failure in execution is linked to the software 



aim 38 wherein quality of performance in executing a software 
package is represented by one or r lore performance-quality parameters, values of the one or more 
performance-quality parameters being determined from the information logged in a failure log, 
the execution of a software package being subject to a plurality of execution options, an 
5 execution option being selected on the basis of one or more performance-quality parameter 
values. 
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41. The apparatus of clainj 40 wherein the plurality of execution options are user 
configurable. 



42. The apparatus of claim 

number of failures and/or the rate of fa 
software package's failure log. 



0 wherein performance-quality parameters include the 
lures for one or more classes of failures recorded in a 



43. 



The apparatus of claim 



44. 



The apparatus of claim 



26 wherein safety-critical software is placed in one or 
more separate partitions thereby isolating the safety-critical software from non-safety-critical 
software. 



readable by a software package being 
software packages in accordance witt 



26 wherein each of the plurality of software packages is 
assigned its own memory block, a software package being enabled to read data only from zero or 
more memory blocks associated with other software packages, the zero or more memory blocks 

either predetermined or determined during execution of the 
a set of one or more rules. 

45. The apparatus of claiin 26 wherein each of the plurality of software packages is 
assigned its own memory block, a software package being enabled to write data only to zero or 
more memory blocks associated with other software packages, the zero or more memory blocks 
writeable by a software package being either predetermined or determined during execution of 
the software packages in accordance with a set of one or more rules. 

46. The apparatus of claim 26 wherein an executive software package enforces the 
discipline that each software package executes only during the time intervals of its sequence of 
time intervals, the executive softwire package determining when the execution of a software 
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4 package extends into a time interval belonging to the sequence of time intervals assigned to 

5 another software package and performs a remedial action. 

l 47. The apparatus of claim 26 wherein the presence of those software packages that 



2 are present is detected. 



48. 



The apparatus of 



2 packages are independently compiled, linked, and loaded. 



49. 



The apparatus of 



claim 26 wherein a software package has its own stack, the 



:laim 26 wherein one or more of the plurality of software 



software package's stack being selected prior to executing the software package. 
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